Revision 1fae8644a50ce7fbcf603a6d5d82eca56050e906 authored by John Fastabend on 18 January 2019, 18:58:08 UTC, committed by Thomas Graf on 25 January 2019, 20:35:12 UTC
[ upstream commit a7beef597de252fdc008b3e34612410857c9c7dd ]

Initially, we will support a pre-shared key model where all endpoints
have pre-shared keys loaded from a file. The file layout is as
follows with a key per line.

authname authkey encname enckey [scope]

This allows keys to be scoped so that it is possible to have a key
per node if desired. If scope is omitted the key is considered a
default key used if a more specific key is not found. My three node
testing file reads as follows,

hmac(sha256) abcdefghijklmnopqrstuvwzyzABCDEF cbc(aes) abcdefghijklmnopqrstuvwzyzABCDEF ubuntu-kvm1
hmac(sha256) abcdefghijklmnopqrstuvwzyzABCDEF cbc(aes) abcdefghijklmnopqrstuvwzyzABCDEF ubuntu-kvm2
hmac(sha256) abcdefghijklmnopqrstuvwzyzABCDEF cbc(aes) abcdefghijklmnopqrstuvwzyzABCDEF

The file is loaded at init time so any changes will have to be consumed
by a restart. In the future we can add watchers for the file and allow
using etcd secrets (files).

Also note the logic is built so that other methods of key exchanges
can be added later if folks want a different model.

Looking forward we can add more specific scope types to do per identity
keys if needed.

Signed-off-by: John Fastabend <john.fastabend@gmail.com>
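An added example (not Cilium's own code from this commit) of how the file format and scope lookup described above can be parsed: each line is `authname authkey encname enckey [scope]`, and a lookup for a node prefers the line whose scope matches that node and otherwise falls back to the first unscoped line, which is the default key. The sample file embedded below is the three-node file from the commit message; skipping blank lines and `#` comments, and rejecting lines with the wrong field count, are assumptions of this example, and no key-length or algorithm validation is attempted.

```go
package main

import (
	"bufio"
	"fmt"
	"io"
	"strings"
)

// Key is one line of the pre-shared key file: authname authkey encname enckey [scope].
// An empty Scope marks the default key used when no node-specific key exists.
type Key struct {
	AuthName string
	AuthKey  string
	EncName  string
	EncKey   string
	Scope    string
}

// ParseKeyFile parses the whitespace-separated key file. Blank lines and lines
// starting with '#' are skipped (an assumption of this example, not of the commit).
// A line with fewer than 4 or more than 5 fields is treated as a hard error so a
// malformed file is caught at load time rather than silently yielding bad keys.
func ParseKeyFile(r io.Reader) ([]Key, error) {
	var keys []Key
	sc := bufio.NewScanner(r)
	lineNo := 0
	for sc.Scan() {
		lineNo++
		line := strings.TrimSpace(sc.Text())
		if line == "" || strings.HasPrefix(line, "#") {
			continue
		}
		f := strings.Fields(line)
		if len(f) < 4 || len(f) > 5 {
			return nil, fmt.Errorf("key file line %d: expected 4 or 5 fields, got %d", lineNo, len(f))
		}
		k := Key{AuthName: f[0], AuthKey: f[1], EncName: f[2], EncKey: f[3]}
		if len(f) == 5 {
			k.Scope = f[4]
		}
		keys = append(keys, k)
	}
	if err := sc.Err(); err != nil {
		return nil, err
	}
	return keys, nil
}

// Lookup returns the key scoped to node if one exists, otherwise the first
// default (unscoped) key. ok is false when neither is present.
func Lookup(keys []Key, node string) (k Key, ok bool) {
	var def *Key
	for i := range keys {
		switch keys[i].Scope {
		case node:
			return keys[i], true
		case "":
			if def == nil {
				def = &keys[i]
			}
		}
	}
	if def != nil {
		return *def, true
	}
	return Key{}, false
}

// sampleKeyFile is the three-node test file quoted in the commit message.
const sampleKeyFile = `hmac(sha256) abcdefghijklmnopqrstuvwzyzABCDEF cbc(aes) abcdefghijklmnopqrstuvwzyzABCDEF ubuntu-kvm1
hmac(sha256) abcdefghijklmnopqrstuvwzyzABCDEF cbc(aes) abcdefghijklmnopqrstuvwzyzABCDEF ubuntu-kvm2
hmac(sha256) abcdefghijklmnopqrstuvwzyzABCDEF cbc(aes) abcdefghijklmnopqrstuvwzyzABCDEF
`

func main() {
	keys, err := ParseKeyFile(strings.NewReader(sampleKeyFile))
	if err != nil {
		panic(err)
	}
	for _, node := range []string{"ubuntu-kvm1", "ubuntu-kvm3"} {
		k, ok := Lookup(keys, node)
		// Key material is deliberately not printed; only the chosen scope and algorithms.
		fmt.Printf("node=%s found=%v scope=%q auth=%s enc=%s\n", node, ok, k.Scope, k.AuthName, k.EncName)
	}
}
```

Because the file is only read at init time, the parser runs once at startup; a node not listed in the file (such as `ubuntu-kvm3` above) silently receives the default key, which is the intended fallback but also means a typo in a scope name is not reported, so logging which scope was selected per node is worth keeping.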
1 parent 8cafbc6